I have been looking for an example in JSON format, not YAML, that configures HTTPS on a single-instance Elastic Beanstalk server.
The configuration goes in the file .ebextensions/singlehttps.config
The single-instance setup matters for low-end applications, because it avoids the Load Balancer, which costs an extra $20 per month.
1 Answers
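After so much trouble, I am posting my working configuration here for anyone else battling the same problem. This was tested on a PHP server. The "source" values and the bucket name below are placeholders for your own S3 URLs and bucket; the files are downloaded using the instance role, so the bucket that holds server.key should not be publicly readable. Note also that "SSLProtocol All -SSLv2 -SSLv3" still leaves TLS 1.0 and 1.1 enabled.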
{
"files": {
"/etc/pki/tls/certs/server.crt": {
"owner": "root",
"source": "amazon/s3/url/server.crt",
"group": "root",
"mode": "000700"
},
"/etc/pki/tls/certs/server.key": {
"owner": "root",
"source": "amazon/s3/url/server.key",
"group": "root",
"mode": "000700"
},
"/etc/pki/tls/certs/gd_bundle.crt": {
"owner": "root",
"source": "amazon/s3/url/gd_bundle.crt",
"group": "root",
"mode": "000700"
},
"/etc/httpd/conf.d/ssl.conf": {
"owner": "root",
"content": "LoadModule ssl_module modules/mod_ssl.so\nListen 443\n<VirtualHost *:443>\n <Proxy *>\n Order deny,allow\n Allow from all\n </Proxy>\n\n SSLEngine on\n SSLCertificateFile \"/etc/pki/tls/certs/server.crt\"\n SSLCertificateKeyFile \"/etc/pki/tls/certs/server.key\"\n SSLCertificateChainFile \"/etc/pki/tls/certs/gd_bundle.crt\"\n SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\n SSLProtocol All -SSLv2 -SSLv3\n SSLHonorCipherOrder On\n SSLSessionTickets Off\n\n Header always set Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\"\n Header always set X-Frame-Options DENY\n Header always set X-Content-Type-Options nosniff\n\n ProxyPass / http://localhost:80/ retry=0\n ProxyPassReverse / http://localhost:80/\n ProxyPreserveHost on\n RequestHeader set X-Forwarded-Proto \"https\" early\n\n LogFormat \"%h (%{X-Forwarded-For}i) %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\"\n ErrorLog /var/log/httpd/elasticbeanstalk-error_log\n TransferLog /var/log/httpd/elasticbeanstalk-access_log\n</VirtualHost>\n",
"group": "root",
"mode": "000644"
}
},
"packages": {
"yum": {
"mod24_ssl": []
}
},
"Resources": {
"sslSecurityGroupIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"ToPort": 443,
"IpProtocol": "tcp",
"GroupId": {
"Fn::GetAtt": [
"AWSEBSecurityGroup",
"GroupId"
]
},
"FromPort": 443,
"CidrIp": "0.0.0.0/0"
}
},
"AWSEBAutoScalingGroup": {
"Metadata": {
"AWS::CloudFormation::Authentication": {
"S3Auth": {
"roleName": {
"Fn::GetOptionSetting": {
"Namespace": "aws:asg:launchconfiguration",
"DefaultValue": "aws-elasticbeanstalk-ec2-role",
"OptionName": "IamInstanceProfile"
}
},
"buckets": [
"amazons3bucket"
],
"type": "s3"
}
}
}
}
}
}
